Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-112433 EXPLOITDB text
Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection
by Ihsan Sencan
EIP-2026-111924 EXPLOITDB text
School Faculty Scheduling System 1.0 - 'username' SQL Injection
by Jyotsna Adhana
EIP-2026-111923 EXPLOITDB text
School Faculty Scheduling System 1.0 - 'id' SQL Injection
by Jyotsna Adhana
EIP-2026-111391 EXPLOITDB text
Point of Sales 1.0 - 'username' SQL Injection
by Jyotsna Adhana
EIP-2026-111390 EXPLOITDB text
Point of Sales 1.0 - 'id' SQL Injection
by Ankita Pal
EIP-2026-109213 EXPLOITDB text
Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)
by Ankita Pal
EIP-2026-109212 EXPLOITDB text VERIFIED
Lot Reservation Management System 1.0 - Authentication Bypass
by Ankita Pal
EIP-2026-107539 EXPLOITDB text
Gym Management System 1.0 - Authentication Bypass
by Jyotsna Adhana
CVE-2020-27993 EXPLOITDB MEDIUM text
hrsale 2.0.0 - Path Traversal via Download Endpoint
Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.
by Sosecure
CVSS 5.3
EIP-2026-112435 EXPLOITDB text
Stock Management System 1.0 - 'Product Name' Persistent Cross-Site Scripting
by Adeeb Shah
EIP-2026-112434 EXPLOITDB text
Stock Management System 1.0 - 'Categories Name' Persistent Cross-Site Scripting
by Adeeb Shah
EIP-2026-112432 EXPLOITDB text
Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting
by Adeeb Shah
EIP-2026-111926 EXPLOITDB text
School Faculty Scheduling System 1.0 - Stored Cross Site Scripting POC
by Jyotsna Adhana
EIP-2026-111925 EXPLOITDB text
School Faculty Scheduling System 1.0 - Authentication Bypass POC
by Jyotsna Adhana
EIP-2026-107445 EXPLOITDB text
GOautodial 4.0 - Authenticated Shell Upload
by Balzabu
CVE-2020-37227 EXPLOITDB HIGH text
WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation and upload arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to the executable extension .php to achieve remote code execution.
by Net-Hunter
CVSS 8.8
CVE-2020-25905 EXPLOITDB CRITICAL text
Mobile Shop System 1.0 - SQL Injection via Email Parameter
An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.
by Moaaz Taha
CVSS 9.8
CVE-2020-25760 EXPLOITDB HIGH text
Projectworlds Visitor Management System in PHP 1.0 - SQL Injection via 'rid' Parameter
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
by Rahul Ramkumar
CVSS 8.8
EIP-2026-114209 EXPLOITDB text
Wordpress Plugin WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure
by redtimmysec
EIP-2026-112931 EXPLOITDB text
User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS
by yusufmalikul
EIP-2026-109195 EXPLOITDB text
Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)
by Akıner Kısa
EIP-2026-104496 EXPLOITDB text
WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting (Authenticated)
by n1x_
CVE-2020-28141 EXPLOITDB MEDIUM text
Online Discussion Forum 1.0 - Authenticated Stored Cross-Site Scripting in Message Body
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include JavaScript that will execute when the messages page is viewed.
by j5oh
CVSS 5.4
CVE-2020-28136 EXPLOITDB HIGH text
Tourism Management System 1.0 - Unauthenticated Arbitrary File Upload via Admin Create Package
An arbitrary file upload vulnerability in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable page admin/create-package.php.
by Ankita Pal
CVSS 8.8
CVE-2020-29458 EXPLOITDB HIGH text
Textpattern CMS 4.6.2 - Cross-Site Request Forgery via Prefs Subsystem
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
by Alperen Ergel
CVSS 8.8